Details:
We are using Keycloak authentication server with Asp.Net WebAPI.
Now I need to get the Keycloak user details based on GUID. Basically I am interested in roles, groups associated with the user.
I tried :
GetUser
URI: GET /admin/realms/{realm}/users/{id}
It is returning user details but few properties are not present in received User details.
Kindly help to resolve this issue.
You will not get the Roles info from this API.You will have to call Role mappings.
This is the API.You will have to pass the UserID in the API
http://${KEY_CLOAK_IP}/auth/admin/realms/MeetingApp/users+'/' + userid + '/role-mappings/realm
Related
We are using Okta as a OAuth login provider.
What we wish to achieve is to fetch user role information in the authentication response itself. We are using spring security.
Currently we get following details in org.springframework.security.oauth2.core.oidc.user.OidcUser object
[Edit]
Adding content of authorities
This does not include user role information. Is there a way to get the user role information in the authentication response itself?
I am trying to implement a role management for in spring boot APIs.
I went through the link but I could not get the below details
1. Here they are using #Secured, I am not sure when actually role verification is called
Because there is a separate server which has the Role and Authorities details, Hence I want to call External Server to fetch the role and verify the Authorities ? here external server will give role details like userid and roles and allowed action like Delete, Create etc .
2. how the username or userid is fetched while validating the access ?
I have one application(Application1) which is SSO enabled and in that URL there is one parameter passed by user which is used along with userid and password for authentication.
For ex: Andrew works in Project department, and there are lot of other departments also. To login into the application he will type URL first as: http://myapp.com/project and then this login page will ask for userid and password. To authenticate Andrew all 3 things are taken into consideration. Userid, password, and department(passed in URL).
Now I am creating another application (Application2) which has spring security. So for authentication purpose I need to go to my Application1 and pass the department from Application2 in the URL. Once the user is authenticated I need to come back in Application2.
I am able to redirect to Application1 from Application2 by using .formLogin().loginPage() but have no clue in passing the department to URL runtime and come back to Application2 after authentication.
Please help me here.
i am working on springboot architecture with oauth security.
And we have authorization server and resource server.
All are working fine.
Here we need to authorize user on every api call.
The issue scenario is -we hit the api with user1 accesstoken,but we are able to get the user2 information with the same user1 access token.
It will reduce security for the user information.
So how can we handle this scenario?
where we need to configure this setttings for validate the accesstoken with the corresponding user?
We need a solution like
user1 accesstoken only able to get the user1 information,not able to get the user2 information..
Thanks,
Arunraj M
Spring security provides only method level authorities, for example if you have a method called getAllUsers(), and for the user you have created a token have access to this method should able to get all the user details.
If you want to filter further, then implement JWTtokens and from the token you can get the user for which the token is been generated, from that you can write a filter to get a appropriate value
I have spring boot app and I use keycloak as auth. provider.
For my realm I have set FACEBOOK or GOOGLE as identity providers.
I wonder how can I find out what identity provider user used - NOT via keycloak admin console, BUT in runtime.
eg.:
user A - FACEBOOK
user B - FACEBOOK
user C - GOOGLE
You can set a "User Session Note" mapper to your client's mappers.
Set the User Session Note field to: identity_provider
Note: you can use identity_provider_identity in User Session Note field to get its username from to identity provider https://www.keycloak.org/docs/latest/server_admin/index.html#available-user-session-data
Map metadata given in the access token, such as facebook/google user id, and import these to the keycloak user. If you then provide this metadata to the clients, they can see which identity broker that was used.
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker/mappers.html
I know this question is old, but I found an alternative solution to your problem (given that you attempt to reach the information via Java / Spring). Say that that you have concrete variables user, realm and session of type UserModel, RealmModel and KeyCloakSession, respectively. Then you can obtain the set of all federated identities associated to your user:
Set<FederatedIdentityModel> identitySet = session.users().getFederatedIdentities(user, realm);
Each instance of FederatedIdentityModel has a #getIdentityProvider method allowing you to obtain the name of your IdP in question.